CVE-2005-3352 — MEDIUM (4.3)

Q: How severe is CVE-2005-3352?

CVE-2005-3352 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2005-3352?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Http Server	< 1.3.35

Related Weaknesses (CWE)

CWE-79

References

ftp://patches.sgi.com/support/free/security/advisories/20060101-01-UBroken Link
http://docs.info.apple.com/article.html?artnum=307562Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449Broken Link
http://issues.apache.org/bugzilla/show_bug.cgi?id=37874Issue Tracking
http://lists.apple.com/archives/security-announce/2008//May/msg00001.htmlMailing List
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlMailing List
http://lists.suse.com/archive/suse-security-announce/2007-May/0005.htmlBroken Link
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.htmlBroken Link
http://marc.info/?l=bugtraq&m=130497311408250&w=2Mailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2006-0159.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2006-0692.htmlBroken Link
http://secunia.com/advisories/17319Not ApplicableURL Repurposed
http://secunia.com/advisories/18008Not Applicable
http://secunia.com/advisories/18333Not Applicable
http://secunia.com/advisories/18339Not Applicable

FAQ

What is CVE-2005-3352?

CVE-2005-3352 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTM...

How severe is CVE-2005-3352?

CVE-2005-3352 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-3352?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.